4 matches found
Malicious Package in whiteproject
All versions of whiteproject contain obfuscated malware that uploads Discord user tokens to a remote server. This allows attackers to make purchases on behalf of users if they have credit cards linked to their Discord accounts. Recommendation Remove the package from your environment. Review your...
[Full-disclosure] PHP 5.2.6 posix_access() (posix ext) safe_mode bypass
PHP 5.2.6 posix_access() (posix ext) safe_mode bypass. Author: Maksymilian Arciemowicz cXIb8O3 SecurityReason.com. Date: Written: 10.05.2008; Public: 17.06.2008. SecurityReason Research SecurityAlert Id: 54. CVE: CVE-2008-2665. CWE: CWE-264. SecurityRisk:...
{securityreason.com}PHP 5 *printf() - Integer Overflow
PHP 5.2.5 and prior: printf functions Integer Overflow. Author: Maksymilian Arciemowicz cXIb8O3 SecurityReason.com and SecurityReason.pl. Date: Written: 01.03.2008; Public: 20.03.2008. SecurityReason Research SecurityAlert Id: 52. CVE-2008-1384...
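TWiki Failed Login Information Disclosure Vulnerability
TWiki is a popular web-based encyclopedia program. TWiki has a problem in how it handles failed logins, and a remote attacker can exploit the vulnerability to access restricted topics. When the site is configured as follows: 1. ErrorDocument 401 is set to point to the TWikiRegistration topic or to any TWiki topic, and 2. TWiki-4.0's ApacheLogin is used with sessions enabled, or an earlier TWiki version with SessionPlugin is used, and 3. Apache 1.3 is running. Then the following method can be used to test: 1. Click the 'Login' link in the left sidebar 2. Enter a valid username but a wrong password 3. Click "ok" 4. If Apache prompts again, enter the same username and password again...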